Summary: The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.

All views are my own personal opinion and not my employer’s. Malware / exploit source code / compiled binaries are intended for responsible research or academic use within an appropriately controlled environment.

All content on this site comes without any warranty whatsoever to the maximum extent permitted by applicable law. All content licensed GPL version 3.0.